CN110311850A - A kind of network-based data processing method and electronic equipment - Google Patents
- Publication number
- CN110311850A, CN201910599639.9A
- Authority
- CN
- China
- Prior art keywords
- data
- target packet
- packet
- target
- type
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
This application discloses a network-based data processing method and an electronic device. The method includes: intercepting a target packet, extracting specific first data from the target packet, and obtaining from the first data first type information that characterizes the type of the target packet; obtaining, according to the recorded content of the first data, second type information of the current source body in the target packet; and judging, according to the first type information and the second type information, whether the intercepted target packet meets a default clearance condition, and processing the target packet according to the judgment result. The method is simple and easy to use. It can intercept data packets sent to a target device and accurately judge whether a packet meets the default clearance condition; in particular, it can accurately judge whether the packet was built with HTTP tunneling technology and handle it accordingly, which avoids missed detections and false alarms and effectively improves network security.
Description
Technical field
This application relates to the field of network communication, and in particular to a network-based data processing method and an electronic device.
Background technique
With the rapid development of informatization and IT, network technology is applied ever more widely and deeply. While networks speed up business processing, the importance of network security technology becomes more prominent; network security is the premise and foundation for safeguarding the development of cyberspace. In building a secure network environment, the data packets that users send over the network need to be controlled. For example, an access control policy configured on a firewall can protect the intranet: firewalls are generally configured to allow access to the external network on HTTP destination port 80 or 8080, so that intranet users may reach external resources through these ports while access to other ports is forbidden, thereby protecting intranet resources. However, some special network behaviors have now appeared in network environments, such as behavior based on HTTP tunneling technology, which lets an intranet user pass through the firewall and access any external resource without being detected or blocked by the firewall. This is extremely unsafe behavior. There is currently no effective way to control such behavior, and it cannot be judged accurately, which seriously threatens network security.
Summary of the invention
The embodiments of the present application aim to provide a network-based data processing method and an electronic device. The method is simple and easy to use and can accurately judge whether a data packet meets a default clearance condition; in particular, it can accurately judge whether the packet was built with HTTP tunneling technology and handle it accordingly, effectively improving network security.
To solve the above technical problem, the embodiments of the present application adopt the following technical solution: a network-based data processing method, the method comprising:
intercepting a target packet, extracting specific first data from the target packet, and obtaining from the first data first type information that characterizes the type of the target packet;
obtaining, according to the recorded content of the first data, second type information of the current source body in the target packet;
judging, according to the first type information and the second type information, whether the intercepted target packet meets a default clearance condition, and processing the target packet according to the judgment result.
Preferably, judging according to the first type information and the second type information whether the intercepted target packet meets the default clearance condition, and processing the target packet according to the judgment result, includes:
obtaining, based on the first type information, the first feature code corresponding to the first type information from a default feature database;
comparing the first feature code with the second type information, and, when the content the two characterize is the same, judging that the target packet meets the default clearance condition.
Preferably, the method further includes:
when the first feature code corresponding to the first type information is not found in the default feature database, considering that the target packet meets the default clearance condition.
Preferably, obtaining the second type information of the current source body in the target packet is specifically:
determining the data features of the source body and generating a corresponding second feature code according to the data features, wherein the second feature code is used to characterize the type of the source body.
Preferably, processing the target packet according to the judgment result includes:
when the target packet meets the default clearance condition, releasing the target packet so that it is sent to the target device;
when the target packet does not meet the default clearance condition, discarding the target packet, wherein the default clearance condition includes that the target packet is not a packet built on an HTTP tunnel.
Preferably, intercepting the target packet, extracting specific first data from the target packet, and obtaining from the first data the first type information that characterizes the type of the target packet is specifically:
intercepting a target packet based on the HTTP protocol, extracting the header data of the target packet, and obtaining from the header data a first field that characterizes the type of the target packet.
Preferably, obtaining, according to the recorded content of the first data, the second type information of the current source body in the target packet includes:
determining the source body in the target packet according to the length field in the header data, so as to obtain the second type information of the source body.
The embodiments of the present application also provide an electronic device, comprising:
an obtaining module, configured to intercept a target packet, extract specific first data from the target packet, and obtain from the first data first type information that characterizes the type of the target packet; and to obtain, according to the recorded content of the first data, second type information of the current source body in the target packet;
a processing module, configured to judge, according to the first type information and the second type information, whether the intercepted target packet meets a default clearance condition, and to process the target packet according to the judgment result.
Preferably, the processing module is further configured to:
obtain, based on the first type information, the first feature code corresponding to the first type information from a default feature database;
compare the first feature code with the second type information, and, when the content the two characterize is the same, judge that the target packet meets the default clearance condition.
Preferably, the processing module is further configured to:
when the first feature code corresponding to the first type information is not found in the default feature database, consider that the target packet meets the default clearance condition.
The beneficial effect of the embodiments of the present application is as follows: the method is simple and easy to use, can intercept data packets sent to a target device, and can accurately judge whether a packet meets the default clearance condition; in particular, it can accurately judge whether the packet was built with HTTP tunneling technology and handle it accordingly, which avoids missed detections and false alarms and effectively improves network security.
Brief description of the drawings
Fig. 1 is a flowchart of the data processing method of an embodiment of the present application;
Fig. 2 is a flowchart of one specific embodiment of step S3 in Fig. 1;
Fig. 3 is a flowchart of another specific embodiment of step S3 in Fig. 1;
Fig. 4 is a flowchart of a specific embodiment of the data processing method of an embodiment of the present application;
Fig. 5 is a structural schematic diagram of the electronic device of an embodiment of the present application.
Detailed description of the embodiments
Various aspects and features of the present application are described herein with reference to the drawings.
It should be understood that various modifications can be made to the embodiments disclosed herein. Therefore, the above description should not be regarded as limiting, but only as examples of embodiments. Those skilled in the art will conceive of other modifications within the scope and spirit of the present application.
The drawings, which are included in and form part of the specification, show embodiments of the present application and, together with the general description given above and the detailed description of the embodiments given below, serve to explain the principles of the application.
These and other characteristics of the present application will become apparent from the following description of preferred forms of the embodiments, given as non-limiting examples with reference to the drawings.
It should also be understood that, although the application has been described with reference to some specific examples, those skilled in the art can certainly realize many other equivalent forms of the application, which have the features set out in the claims and therefore all fall within the scope of protection defined thereby.
The above and other aspects, features and advantages of the present application will become more apparent in view of the following detailed description when read in conjunction with the drawings.
Specific embodiments of the present application are described below with reference to the drawings; it should be understood, however, that the disclosed embodiments are merely examples of the application, which can be implemented in various ways. Well-known and/or repeated functions and structures are not described in detail, to avoid obscuring the application with unnecessary or superfluous detail. Therefore, the specific structural and functional details disclosed herein are not intended to be limiting, but serve merely as a basis for the claims and as a representative basis for teaching those skilled in the art to variously employ the application in virtually any appropriately detailed structure.
This specification may use the phrases "in one embodiment", "in another embodiment", "in yet another embodiment" or "in other embodiments", each of which may refer to one or more of the same or different embodiments according to the present application.
An embodiment of the present application provides a network-based data processing method that can be applied in an electronic device. While a user accesses a target device over the network, the electronic device can process data in the course of that access; for example, an electronic device such as a firewall can process data while the user interacts with the target device over the network. As shown in Fig. 1, the data processing method includes the following steps:
S1: intercept a target packet, extract specific first data from the target packet, and obtain from the first data first type information that characterizes the type of the target packet.
When using the network, a user can send a target packet (also called a request message) to the target device through a client or the like. If it is not intercepted, the target packet reaches the target device and the target device responds, completing the data exchange. In this embodiment, the target packet is intercepted before it is sent out, for example by a firewall device intercepting the target packet issued by the user. Specific first data is then extracted from the target packet. The first data is data that every target packet carries, i.e. content that is mandatory in the data structure of the target packet, such as the header data of an HTTP packet: whatever content the user sends, the packet contains this first data, and the first data holds numerous data parameters of the target packet. In this embodiment, first type information indicating the type of the target packet can be obtained from among these parameters, which gives the originally recorded type of the target packet, such as jpeg, json or doc.
S2: obtain, according to the recorded content of the first data, second type information of the current source body in the target packet.
The first data is content that is mandatory in the data structure of the target packet. Its recorded content contains some data parameters of the target packet, and these parameters are associated with other data in the target packet that is distinct from the first data, so information about that other data can be obtained from them. In one embodiment, the second data of the target packet is the source body. The source body (also called the request data, such as the BODY data in an HTTP packet) is the substantive data content of the target packet, and the recorded content of the first data holds information about the source body, so the source body can be located in the target packet from the recorded content of the first data.
Once the source body is found, its data type can be judged from its data content and the second type information generated. Because the source body is the current substantive content of the target packet, the second type information indicates the actual data type of the intercepted target packet, such as jpeg, json or doc.
S3: judge, according to the first type information and the second type information, whether the intercepted target packet meets a default clearance condition, and process the target packet according to the judgment result.
Specifically, the default clearance condition can be set according to actual needs, for example according to the data types that need to be intercepted, or so as to intercept packets issued using a particular network technology; the user can of course also modify the content of the default clearance condition as needed. In this embodiment, whether the intercepted target packet meets the default clearance condition is judged from the first type information and the second type information, and the judgment can follow various logics. For example, the target packet may be considered to meet the default clearance condition if both the first type information and the second type information belong to types that are allowed to pass. Alternatively, the first type information is compared with the second type information: if their content is the same, the target packet is considered not to have performed any deception and therefore to meet the default clearance condition; if their content differs, the target packet is considered to have performed deception and therefore not to meet the default clearance condition. In this embodiment the target packet is processed according to the judgment result: if it meets the clearance condition it is allowed to be sent to the target device; otherwise it is prohibited from being sent.
It can be seen that the data processing method of this embodiment is simple and easy to use, can intercept data packets sent to a target device, and can accurately judge whether a packet meets the default clearance condition; in particular, it can accurately judge whether the packet was built with HTTP tunneling technology and handle it accordingly, which avoids missed detections and false alarms and effectively improves network security.
In one embodiment of the present application, as shown in Fig. 2, judging according to the first type information and the second type information whether the intercepted target packet meets the default clearance condition, and processing the target packet according to the judgment result, includes:
S31: obtain, based on the first type information, the first feature code corresponding to the first type information from the default feature database;
S32: compare the first feature code with the second type information; when the content the two characterize is the same, judge that the target packet meets the default clearance condition.
The default feature database is a database set up in advance by the user according to actual needs. It stores information about packets that have been analyzed, including packet types and the feature information corresponding to each type, such as the header data, the data type field in the header data, the feature code of the packet type, the length of the feature code and the format of the feature code. In addition, which packets' information is stored in the default feature database can be defined according to the user's actual use; for example, it can store information about frequently used packets, or about packets that are prone to security problems.
The first type information corresponds to the first feature code; in one embodiment the correspondence is unique. In this embodiment, the first feature code corresponding to the first type information is looked up in the default feature database. The first feature code found is the original feature code preset by the user for the target packet; it can be regarded as the correct feature code for the type of the target packet, and the first type information together with its first feature code can be regarded as reference data. The second type information is information about the actual type of the target packet, i.e. the actual type of the packet the user is about to send. When the first feature code is compared with the second type information and the content they characterize is the same, the target packet is considered not to have performed deception, for example not to have used HTTP tunneling technology, and therefore to meet the default clearance condition. If the content differs, the target packet is considered to have performed deception, for example to have used HTTP tunneling technology, which may endanger network security; it is therefore considered not to meet the default clearance condition and is not allowed to be sent.
Preferably, the data processing method further includes the following step: when the first feature code corresponding to the first type information is not found in the default feature database, the target packet is considered to meet the default clearance condition.
Specifically, if the default feature database stores no information for the first type information, including no corresponding first feature code, the user regards target packets with that first type information as data of a safe type, or as data that does not need to be monitored. Such a target packet can be released directly, i.e. it is considered to meet the default clearance condition and is let through. This embodiment determines the monitored objects more precisely and thereby effectively improves processing efficiency.
In one embodiment of the present application, obtaining the second type information of the current source body in the target packet is specifically: determining the data features of the source body and generating a corresponding second feature code from the data features, where the second feature code characterizes the type of the source body. Specifically, the source body (also called the request data, such as the BODY data in an HTTP packet) is the substantive data content of the target packet. The data features of the source body include various data parameters, such as the second type information; they represent the current actual characteristics of the target packet, including data parameters that may cause network security problems. In this embodiment, the corresponding second feature code can be generated from the data features of the source body; for example, if the data feature is the second type information, the second feature code corresponding to that second type information is generated, and the second feature code characterizes the current actual data type of the target packet.
In one embodiment of the present application, as shown in Fig. 3, processing the target packet according to the judgment result includes:
S33: when the target packet meets the default clearance condition, release the target packet so that it is sent to the target device;
S34: when the target packet does not meet the default clearance condition, discard the target packet, where the default clearance condition includes that the target packet is not a packet built on an HTTP tunnel.
Specifically, when the target packet meets the default clearance condition, it is considered not to cause network security problems, and the electronic device such as a firewall can be driven to release the intercepted target packet so that it is sent to the target device, meeting the user's request; the target device can then respond according to the target packet it receives, achieving network-based data interaction. When the target packet does not meet the default clearance condition, it is discarded, to prevent network security problems after it is sent, such as theft of user information, spread of computer viruses or tampering with data. In addition, in this embodiment the default clearance condition includes that the target packet is not a packet built on an HTTP tunnel: a target packet judged not to be built with HTTP tunneling technology can be released, while a target packet that the above data processing method judges to be built with HTTP tunneling technology is considered unsafe and is discarded. HTTP tunneling technology encapsulates all data to be transmitted in the HTTP protocol for transmission. It supports almost all forms of network access, such as dial-up, ADSL, cable modem, NAT transparent proxy, HTTP GET-type and CONNECT-type proxies, SOCKS4 proxies and SOCKS5 proxies. An illegitimate user can therefore use HTTP tunneling technology to undermine network security; for example, the Agent field in the HTTP packet can be set to IE, with external port 80, and a Trojan then injected into the IE process, so that the firewall cannot tell that it is actually the Trojan that is sending the packets.
In one embodiment of the present application, intercepting the target packet, extracting specific first data from the target packet, and obtaining from the first data the first type information that characterizes the type of the target packet is specifically: intercepting a target packet based on the HTTP protocol, extracting the header data of the target packet, and obtaining from the header data a first field that characterizes the type of the target packet.
Specifically, the header data includes multiple parameters, such as Accept: the MIME types the browser accepts; Accept-Charset: the character sets the browser accepts; Accept-Encoding: the data encodings the browser can decode; Accept-Language: the language the browser prefers, used when a target device such as a server can provide more than one language version; Authorization: authorization information, which usually appears in the response to a WWW-Authenticate header sent by a target device such as a server; Content-Length: the length of the request message body; Content-Type: the MIME type of the document that follows; SetContent-Type: sets the Content-Type header data; and so on. In this embodiment, the first field that characterizes the type of the target packet is obtained from the header data; for example, the Content-Type field is obtained, and the first type information is obtained from the Content-Type field.
In one embodiment of the present application, obtaining, according to the recorded content of the first data, the second type information of the current source body in the target packet includes: determining the source body in the target packet according to the length field in the header data, so as to obtain the second type information of the source body. For example, the BODY part of the target packet, i.e. the actual request data, is determined from the Content-Length field in the header data, and the actual type of the source body is then determined from that BODY part.
The data processing method is described below through a specific embodiment with reference to Fig. 4. The target packet is intercepted, and it is identified whether the target packet is based on the HTTP protocol. If it is, the content-type and content-length fields are extracted from the header information of the target packet. The BODY part of the HTTP packet (message) is extracted according to the value in the extracted content-length field. Using the type data in the extracted content-type field, the pre-built default feature database is queried for the first feature code corresponding to that type data. If no first feature code is found, the target packet is released. If the first feature code for the data type is found, the following steps are performed: the extracted BODY part of the HTTP packet (message) is parsed and the corresponding second feature code is generated; it is then judged whether the second feature code is the same as the first feature code corresponding to the type data in the content-type field (i.e. whether the default clearance condition is met). If they are the same, the target packet is considered not to have used HTTP TUNNEL technology (HTTP tunneling technology) and is released; otherwise the target packet is considered to have used HTTP TUNNEL technology (HTTP tunneling technology) and is discarded.
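The Fig. 4 flow described above, written out as an added Python example; it is not code from the patent. The contents of `FEATURE_DB`, the feature-code strings, the magic-byte table and all function names are assumptions chosen for illustration, and the separate `"not-http"` result is also an assumption, since the page does not say how non-HTTP packets are handled.

```python
import json

# Hypothetical "default feature database": declared Content-Type -> first feature code.
FEATURE_DB = {
    "image/jpeg": "jpeg",
    "image/png": "png",
    "image/gif": "gif",
    "application/pdf": "pdf",
    "application/json": "json",
}

# Well-known leading bytes of each format, used to derive the second feature code.
MAGIC = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"%PDF-", "pdf"),
]


def parse_http_request(raw):
    """Return (headers, body) for an HTTP request, or None if it is not HTTP."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if colon:
            key = name.strip().lower().decode("latin-1")
            headers[key] = value.strip().decode("latin-1")
    # The length field in the header delimits the BODY part.
    try:
        length = int(headers.get("content-length", "0"))
    except ValueError:
        return None
    if length < 0:
        return None
    return headers, rest[:length]


def second_feature_code(body):
    """Derive a feature code from what the BODY actually contains."""
    for magic, code in MAGIC:
        if body.startswith(magic):
            return code
    text = body.lstrip()
    if text[:1] in (b"{", b"["):
        try:
            json.loads(text.decode("utf-8"))
            return "json"
        except ValueError:  # covers both decode and JSON syntax errors
            pass
    return "unknown"


def decide(raw):
    """Return 'pass', 'drop', or 'not-http' for one intercepted packet."""
    parsed = parse_http_request(raw)
    if parsed is None:
        return "not-http"
    headers, body = parsed
    # First type information: the media type without parameters such as charset.
    declared = headers.get("content-type", "").split(";")[0].strip().lower()
    first_code = FEATURE_DB.get(declared)
    if first_code is None:
        return "pass"  # type not in the feature database: released, as on the page
    return "pass" if second_feature_code(body) == first_code else "drop"


def build_request(content_type, body):
    """Build a constructed sample request for the demonstration below."""
    head = (f"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
            f"Content-Type: {content_type}\r\nContent-Length: {len(body)}\r\n\r\n")
    return head.encode("ascii") + body


if __name__ == "__main__":
    # Constructed samples, not captured traffic.
    samples = [
        ("image/jpeg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"),  # body matches type
        ("image/jpeg", b"\x05\x01\x00opaque-framed-bytes"),   # body does not match
        ("text/plain", b"hello"),                             # type not in database
    ]
    for ctype, body in samples:
        print(ctype, "->", decide(build_request(ctype, body)))
```

As on the page, a declared type that is missing from the feature database is released without inspecting the body, so the database's coverage determines which traffic is actually checked.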
The embodiments of the present application also provide an electronic device, as shown in Fig. 5, comprising:
An obtaining module, configured to intercept a target packet, extract specific first data from the target packet, and obtain from the first data first type information that characterizes the type of the target packet; and to obtain, according to the recorded content of the first data, second type information of the current source body in the target packet.
When using the network, a user can send a target packet (also called a request message) to the target device through a client or the like. If it is not intercepted, the target packet reaches the target device and the target device responds, completing the data exchange. In this embodiment, the obtaining module intercepts the target packet before it is sent out; for example, the obtaining module captures the target packet issued by the user through a firewall device. The obtaining module extracts specific first data from the target packet. The first data is data that every target packet carries, i.e. content that is mandatory in the data structure of the target packet, such as the header data of an HTTP packet: whatever content the user sends, the packet contains this first data, and the first data holds numerous data parameters of the target packet. In this embodiment, first type information indicating the type of the target packet can be obtained from among these parameters, which gives the originally recorded type of the target packet, such as jpeg, json or doc.
The acquisition module obtains the second type information of the current message body in the target packet according to the recorded content of the first data. The first data is content that must be set in the data structure of the target packet, and its recorded content contains some data parameters of the target packet. These data parameters are associated with the other data in the target packet, that is, the data other than the first data, and the relevant information about that other data can be obtained from them. In one embodiment, the second data of the target packet is the message body. The message body (also referred to as the request data, such as the BODY data in an HTTP packet) is the substantive data content of the target packet, and the recorded content of the first data records relevant information about the message body, so the message body can be located in the target packet through the recorded content of the first data.
After the message body is found, its data type can be judged from its data content and the second type information generated accordingly. Because the message body is the current substantive content of the target packet, the second type information indicates the substantive data type of the target packet currently intercepted, such as jpeg type, json type, doc type, etc.
The processing module is configured to judge, according to the first type information and the second type information, whether the intercepted target packet meets the preset clearance condition, and to process the target packet according to the judgment result.
Specifically, the preset clearance condition can be set according to actual needs, for example according to the data types that need to be intercepted, or so as to intercept packets sent using a particular network technology; the user can of course also modify the content of the preset clearance condition as needed. In this embodiment, the processing module can judge whether the intercepted target packet meets the preset clearance condition according to the first type information and the second type information. This judgment can take several logical forms. For example, the target packet is considered to meet the preset clearance condition when both the first type information and the second type information belong to the types allowed to pass. Alternatively, the first type information is compared with the second type information: when their content is the same, the target packet is considered not to have carried out deceptive behavior and therefore to meet the preset clearance condition; when their content differs, the target packet is considered to have carried out deceptive behavior and therefore not to meet the preset clearance condition. In this embodiment, the processing module processes the target packet according to the judgment result: if the clearance condition is met, the target packet is allowed to be sent to the target device; otherwise, the target packet is prohibited from being sent.
It can be seen that the electronic device of this embodiment processes data in a simple, easy-to-use manner. It can intercept packets sent to the target device and accurately judge whether a packet meets the preset clearance condition; in particular, it can accurately judge whether the packet was constructed using HTTP tunneling technology and process it accordingly, which avoids missed reports and false reports and effectively improves network security.
In one embodiment of the application, the processing module is further configured to:
obtain, based on the first type information, the first feature code corresponding to the first type information from a preset feature database;
compare the first feature code with the second type information and, when the content characterized by the two is the same, judge that the target packet meets the preset clearance condition.
The preset feature database is a database that the user sets up in advance according to actual needs. It stores relevant information about the data packets to be analyzed, including the type of each packet and the characteristic information corresponding to that type, such as the header data, the data type field in the header data, the feature code of the packet type, the length of the feature code and the format of the feature code. In addition, which packets' relevant information needs to be stored in the preset feature database can be defined according to the user's actual needs; for example, it can store the relevant information of frequently used packets, or of packets that are prone to security problems.
The first type information corresponds to the first feature code; in one embodiment, this correspondence is unique. In this embodiment, the processing module looks up the first feature code corresponding to the first type information in the preset feature database. The first feature code found is the original feature code preset by the user for the target packet; it can be regarded as the correct feature code for the type of the target packet, and the first type information together with its first feature code can be regarded as the baseline data. The second type information is the information on the actual type of the target packet, that is, the actual type of the target packet that the current user is about to send. When the processing module compares the first feature code with the second type information and the content characterized by the two is the same, the target packet about to be sent can be considered not to have carried out deceptive behavior, for example not to have used HTTP tunneling technology, and is therefore considered to meet the preset clearance condition. If the content differs after comparison, the target packet is considered to have carried out deceptive behavior, for example to have used HTTP tunneling technology, which may pose a risk to network security; it is therefore considered not to meet the preset clearance condition and is not allowed to be sent.
In one embodiment of the application, the processing module is further configured to: when the first feature code corresponding to the first type information is not found in the preset feature database, consider that the target packet meets the preset clearance condition.
Specifically, if the preset feature database does not store the relevant information for the first type information, including the corresponding first feature code, that is, the processing module does not find a first feature code in the preset feature database, then the user regards the target packet corresponding to that first type information as data of a safe type, or as data that does not need to be monitored. The target packet can be released directly, that is, it is considered to meet the preset clearance condition and is let through. This embodiment allows the monitored objects to be determined more precisely, which effectively improves processing efficiency.
In one embodiment of the application, the acquisition module is further configured to: determine the data characteristics of the message body and generate a corresponding second feature code according to the data characteristics, wherein the second feature code is used to characterize the type of the message body.
In one embodiment of the application, the processing module is further configured to: when the target packet meets the preset clearance condition, release the target packet so that it is sent to the target device; when the target packet does not meet the preset clearance condition, discard the target packet, wherein the preset clearance condition includes that the target packet is not a packet constructed based on an HTTP tunnel.
In one embodiment of the application, the acquisition module is further configured to: intercept a target packet based on the HTTP protocol, extract the header data in the target packet, and obtain the first field in the header data that characterizes the type of the target packet.
In one embodiment of the application, the acquisition module is further configured to: determine the message body in the target packet according to the length field in the header data, so as to obtain the second type information of the message body.
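The check described in the embodiments above (first type information read from the HTTP header, message body located through the length field, comparison against a feature code from the preset feature database) can be sketched as follows. This is an added example, not code from the patent; the `FEATURE_DB` entries, the function names and the fail-closed handling of malformed requests are assumptions.

```python
# Added illustration of the header-vs-body type consistency check.
# Constructed "preset feature database": declared type -> (offset, feature code).
# The entries are assumptions (well-known file signatures), not from the patent.
FEATURE_DB = {
    "image/jpeg": (0, b"\xff\xd8\xff"),
    "image/png": (0, b"\x89PNG\r\n\x1a\n"),
    "application/pdf": (0, b"%PDF-"),
    "application/zip": (0, b"PK\x03\x04"),
}


def split_request(raw: bytes):
    """Parse the header block and use Content-Length to delimit the body."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block")
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, colon, value = line.partition(b":")
        if colon:
            headers[name.strip().lower().decode("latin-1")] = (
                value.strip().decode("latin-1"))
    length = int(headers.get("content-length", "0"))  # ValueError if not numeric
    if length < 0 or length > len(rest):
        raise ValueError("Content-Length disagrees with captured data")
    return headers, rest[:length]


def verdict(raw: bytes) -> str:
    """Return 'release' if the preset clearance condition is met, else 'drop'."""
    try:
        headers, body = split_request(raw)
    except ValueError:
        return "drop"  # assumption: malformed requests fail closed
    # First type information: the type the header declares.
    declared = headers.get("content-type", "").split(";")[0].strip().lower()
    entry = FEATURE_DB.get(declared)
    if entry is None:
        return "release"  # type not in the feature database: not monitored
    offset, first_code = entry
    # Second feature code: derived from the body's actual content.
    second_code = body[offset:offset + len(first_code)]
    return "release" if second_code == first_code else "drop"


def build(ctype: str, body: bytes) -> bytes:
    """Construct a sample POST request (test data, not captured traffic)."""
    return (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
            b"Content-Type: " + ctype.encode() + b"\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)


if __name__ == "__main__":
    samples = {
        "real jpeg": build("image/jpeg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
        "mislabelled body": build("image/jpeg", b"OPAQUE-NON-IMAGE-DATA"),
        "unmonitored type": build("application/json", b'{"a": 1}'),
    }
    for name, raw in samples.items():
        print(f"{name}: {verdict(raw)}")
```

Requests that use chunked transfer encoding carry no Content-Length, so this sketch treats their body as empty; a deployment would need to decode the chunks before comparing.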
The above embodiments are only exemplary embodiments of the application and are not intended to limit it; the scope of protection of the application is defined by the claims. Those skilled in the art may make various modifications or equivalent replacements to the application within its essence and scope of protection, and such modifications or equivalent replacements shall also be regarded as falling within the scope of protection of the application.
Claims (10)
1. A network-based data processing method, characterized in that the method comprises:
intercepting a target packet, extracting specific first data in the target packet, and obtaining first type information in the first data that characterizes the type of the target packet;
obtaining, according to the recorded content of the first data, second type information of the current message body in the target packet;
judging, according to the first type information and the second type information, whether the intercepted target packet meets a preset clearance condition, and processing the target packet according to the judgment result.
2. The method according to claim 1, characterized in that judging, according to the first type information and the second type information, whether the intercepted target packet meets the preset clearance condition, and processing the target packet according to the judgment result, comprises:
obtaining, based on the first type information, the first feature code corresponding to the first type information from a preset feature database;
comparing the first feature code with the second type information and, when the content characterized by the two is the same, judging that the target packet meets the preset clearance condition.
3. The method according to claim 2, characterized in that the method further comprises:
when the first feature code corresponding to the first type information is not found in the preset feature database, considering that the target packet meets the preset clearance condition.
4. The method according to claim 1, characterized in that obtaining the second type information of the current message body in the target packet is specifically:
determining the data characteristics of the message body and generating a corresponding second feature code according to the data characteristics, wherein the second feature code is used to characterize the type of the message body.
5. The method according to claim 1, characterized in that processing the target packet according to the judgment result comprises:
when the target packet meets the preset clearance condition, releasing the target packet so that it is sent to the target device;
when the target packet does not meet the preset clearance condition, discarding the target packet, wherein the preset clearance condition includes that the target packet is not a packet constructed based on an HTTP tunnel.
6. The method according to claim 1, characterized in that intercepting the target packet, extracting the specific first data in the target packet, and obtaining the first type information in the first data that characterizes the type of the target packet is specifically:
intercepting a target packet based on the HTTP protocol, extracting the header data in the target packet, and obtaining the first field in the header data that characterizes the type of the target packet.
7. The method according to claim 6, characterized in that obtaining, according to the recorded content of the first data, the second type information of the current message body in the target packet comprises:
determining the message body in the target packet according to the length field in the header data, so as to obtain the second type information of the message body.
8. An electronic device, characterized by comprising:
an acquisition module, configured to intercept a target packet, extract specific first data in the target packet, and obtain first type information in the first data that characterizes the type of the target packet; and to obtain, according to the recorded content of the first data, second type information of the current message body in the target packet;
a processing module, configured to judge, according to the first type information and the second type information, whether the intercepted target packet meets a preset clearance condition, and to process the target packet according to the judgment result.
9. The electronic device according to claim 8, characterized in that the processing module is further configured to:
obtain, based on the first type information, the first feature code corresponding to the first type information from a preset feature database;
compare the first feature code with the second type information and, when the content characterized by the two is the same, judge that the target packet meets the preset clearance condition.
10. The electronic device according to claim 9, characterized in that the processing module is further configured to:
when the first feature code corresponding to the first type information is not found in the preset feature database, consider that the target packet meets the preset clearance condition.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910599639.9A CN110311850A (en) | 2019-07-04 | 2019-07-04 | A kind of network-based data processing method and electronic equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110311850A true CN110311850A (en) | 2019-10-08 |
Family
ID=68078996
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910599639.9A Pending CN110311850A (en) | 2019-07-04 | 2019-07-04 | A kind of network-based data processing method and electronic equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110311850A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20191008 |